IETF Logo Mail Archive

Re: [TLS] Closing on 0-RTT

"Salz, Rich" <rsalz@akamai.com> Mon, 12 June 2017 18:19 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E5C212EB5E for <tls@ietfa.amsl.com>; Mon, 12 Jun 2017 11:19:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNRamovwz2YY for <tls@ietfa.amsl.com>; Mon, 12 Jun 2017 11:19:31 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B4AB12EB5D for <tls@ietf.org>; Mon, 12 Jun 2017 11:19:31 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v5CIGrb5032500; Mon, 12 Jun 2017 19:19:28 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=jan2016.eng; bh=+W88/ihL1t1Lt3sSX15AxWzN+7D5A4lMPhpfjqU0k84=; b=dx30HRXnrLyNAeRA3v0fgTLPQ/0/4tO+TYq1lemMGVu74QM4L2P6GZDhxTNgsPJZ0QT1 +pWUzHm26+WH2AwOSX9cV8lENT1U9pAZj4eGJpH50rUtefyRn7V6p8Gdm6RkeTqZKhV0 DecWM9JfzeuoHiG0KZDonvAykKkpIeJJGzH9JbaCyN7fRfAGZylVgkf8kdyNB2q3Ld3L kx840mSpwh2kemIQdiH3l9gnkfsuppMA///qB5CDLyM2//YCqo4leGXM29zpccSEPCuy Yi7sqgjJyaj4oltXpEHYRxnz8lYeDQMcszhwvjOvswfykrnSZ5pUh9iB0PMQc9p0wMbE 6Q==
Received: from prod-mail-ppoint2 (a184-51-33-19.deploy.static.akamaitechnologies.com [184.51.33.19] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 2b1vnrsaru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 12 Jun 2017 19:19:27 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v5CIGcKT022695; Mon, 12 Jun 2017 14:19:27 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint2.akamai.com with ESMTP id 2b0c3u77ws-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 12 Jun 2017 14:19:27 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 12 Jun 2017 14:19:26 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Mon, 12 Jun 2017 14:19:26 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Colm MacCárthaigh <colm@allcosts.net>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Closing on 0-RTT
Thread-Index: AQHS4sYMYZjiI3AtlUaLYB0HLNHkW6IhzGeA//+956A=
Date: Mon, 12 Jun 2017 18:19:25 +0000
Message-ID: <2e8816cf734e4bb78d36302c6910a82d@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CABcZeBNLo51y4-MYS6NTQn9OWg5jTYYpwxn1fiKKNL5bWA37TA@mail.gmail.com> <CAAF6GDe58QwbSvYG__fbtT5z6Co5h6AN=PFnD1pz9R8R0XN7hg@mail.gmail.com>
In-Reply-To: <CAAF6GDe58QwbSvYG__fbtT5z6Co5h6AN=PFnD1pz9R8R0XN7hg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.36.218]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-06-12_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1706120318
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-06-12_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1706120318
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3HekA8eSwNYeEykq9HSdEaX19aw>
Subject: Re: [TLS] Closing on 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 18:19:33 -0000

> The one case here where I'd really argue for a "MUST" is middle-boxes like CDNs. The concern I have is if someone has an application that uses throttling or is vulnerable to a resource-exhaustion problem and goes and puts a CDN in front of it, it's not obvious that enabling TLS 1.3 could open them to a new kind of DOS attack. 

A CDN is not a middle box.  It *is* origin as far as the end-users are concerned, because of the business relationship between the CDN and the content provider.  Or, if you don't like that reasoning, then it's not a middlebox as the IETF uses the term.

If the intermediary is vulnerable to the resource attacks, that's the intermediary's issue.

> We've already seen CDNs enable TLS 1.3 with unintentionally broken 0-RTT mitigations, so that's clear evidence that the existing guidance isn't sufficient. I think it would help manage the interoperability risks if we can point out to their customers that the configuration is unambiguously broken. Or at least, it helps to flag it as a security issue, which makes it more likely to get fixed. Absent this, the operators of "backend" applications would have to live with risk that is created by the upstream CDN providers for their own convenience. That seems like a really bad interoperability set up.  

I agree with this.  Which is why I prefer separate streams for early data, and some kind of signaling to the content provider that is clear and unambiguous.  I don't know how to do that when, say, the intermediary/CDN has a persistent connection to the backend...

v2.23.0 | Report a Bug | By Email